John Anthony Smith: Lack Of Multi-factor Authentication Caused Colonial Pipeline Breach

Sunday, June 6, 2021 - by John Anthony Smith

(John Anthony Smith, CEO of the fast-growing Conversant Group on the Southside, advises on Internet security. There have been recent attacks by cyber gangs - first on a U.S. pipeline company, then on a huge beef producer and, most recently, a large media group.)

 

Last month, hackers infiltrated Colonial Pipeline’s computer network, which resulted in the massive shutdown of its pipeline.

The pipeline provides nearly one half of the fuel supply for the Southeastern United States. Colonial Pipeline elected to pay a ransom demand of nearly $4 million the same day. The pipeline was shut down for six days, and it resulted in a run on fuel stations throughout the Southeast.

 

In light of upcoming Congressional committee meetings, Colonial Pipeline made Joseph Blount, CEO, and Charles Carmakal, Mandiant senior vice president, available to speak publicly about the causes of the breach.

 

On Friday, Bloomberg reported that a compromised password for an inactive account was used to breach Colonial Pipeline’s network. The account belonged to a user who no longer worked for Colonial Pipeline; it had not been deactivated, and it still had access to the VPN. The user likely had reused his or her password on non-corporate accounts, which resulted in the password being available on the dark web (after compromises of other, non-corporate websites). It isn’t known how the attackers obtained the username; however, usernames are very easy to obtain by other methods. As an example only (there is no proof of this being used at Colonial Pipeline), Exchange Server Outlook Web Access has error reporting that would allow an attacker to accurately guess a username.

 

The VPN system used to compromise the company’s networks was not protected by multifactor authentication (MFA), at least for the user account that was leveraged in the attack. A VPN (virtual private network) is used by many companies to provide remote access to users.

 

In our assessments, we find externally exposed systems without MFA (including cloud apps) more than 80 percent of the time, and poor password/user account hygiene more than 90 percent of the time.
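The combination described above (an enabled account for a departed user, VPN access, no MFA) can be checked for mechanically. The following is an added example, not part of the original article: the CSV columns, the sample rows and the 45-day inactivity threshold are assumptions standing in for whatever a directory, VPN and HR export actually provide.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export (not real data). Column names are assumptions;
# map them to whatever your directory / VPN / HR exports actually provide.
ACCOUNTS_CSV = """username,enabled,vpn_access,mfa_enrolled,last_login,employed
asmith,true,true,true,2021-05-28,true
bjones,true,true,false,2021-01-11,false
cdavis,false,true,false,2020-11-02,false
elee,true,true,false,2021-06-01,true
fkhan,true,false,false,2020-09-15,true
gwhite,true,true,true,2021-02-03,true
"""

def _flag(value):
    return value.strip().lower() in ("true", "1", "yes")

def audit_vpn_accounts(csv_text, today, stale_after_days=45):
    """Return {username: [findings]} for enabled accounts that can reach the VPN."""
    cutoff = today - timedelta(days=stale_after_days)
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Disabled accounts and accounts without VPN rights are out of scope.
        if not (_flag(row["enabled"]) and _flag(row["vpn_access"])):
            continue
        findings = []
        if not _flag(row["employed"]):
            findings.append("owner no longer employed")
        if date.fromisoformat(row["last_login"]) < cutoff:
            findings.append("no login since " + row["last_login"])
        if not _flag(row["mfa_enrolled"]):
            findings.append("no MFA on VPN")
        if findings:
            report[row["username"]] = findings
    return report

def highest_risk(report):
    """Accounts matching the pattern in the article: ex-employee, VPN, no MFA."""
    return sorted(u for u, f in report.items()
                  if "owner no longer employed" in f and "no MFA on VPN" in f)

if __name__ == "__main__":
    result = audit_vpn_accounts(ACCOUNTS_CSV, today=date(2021, 6, 6))
    for user, findings in sorted(result.items()):
        print(f"{user}: {'; '.join(findings)}")
    print("disable first:", highest_risk(result))
```

Accounts returned by `highest_risk` are the ones to disable first; the remaining findings (active staff without MFA, dormant but valid accounts) are the hygiene backlog.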

 

Defense is always less expensive than recovery: our hand is always extended for either (defense or recovery). Please compute safely.

https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password

* * *

John Anthony Smith can be reached at:

423-305-7890

John.Smith@conversantgroup.com

1513 Cowart Street

Chattanooga, TN 37408


 

